b9513978768f512157a229ebff9c686b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9513978768f512157a229ebff9c686b_JaffaCakes118
Size

336KB
MD5

b9513978768f512157a229ebff9c686b
SHA1

74ece12cbaff636c588ee189cb39d70ab64e4649
SHA256

44e23c8734432752081d75322dd992a91862ccfc7d1a15edcbbe36c3c9a1ea33
SHA512

03c8122321115cabf62c8ba93d2fbd0283d6fbb2682b741c66b84dfb8b23a7ecd327bbea784c9d57d8498d0b826a8e67037fb08e716162426579d9575a635f66
SSDEEP

6144:gNiLb/P+bUBDA6aY4hSM3IM2icKxbMUucLfLy88hSA:gULb/P+bUBDA6aYuSM3IVicKx3uefuS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9513978768f512157a229ebff9c686b_JaffaCakes118

Files

b9513978768f512157a229ebff9c686b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b5bbd648f93aa876a82423b0f0344c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetOpenEnumA
WNetEnumResourceA
WNetCancelConnection2A
WNetCloseEnum

ws2_32

ioctlsocket
WSAGetLastError
setsockopt
bind
listen
accept
gethostbyaddr
recvfrom
sendto
inet_ntoa
__WSAFDIsSet
select
closesocket
recv
send
connect
htons
inet_addr
gethostbyname
WSACleanup
WSAStartup
WSASetLastError
socket
gethostname

rhv

ord1

netapi32

NetUserEnum
NetApiBufferFree

libmysql

mysql_init
mysql_connect
mysql_close

kernel32

CreateFileA
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetProcAddress
LoadLibraryA
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetCurrentProcess
FreeLibrary
FindNextFileA
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
GetProcessVersion
GetCPInfo
GetOEMCP
ExitProcess
TerminateProcess
RtlUnwind
GetSystemTime
GetLocalTime
CreateThread
ExitThread
SetStdHandle
GetFileType
GetACP
RaiseException
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
CompareStringA
CompareStringW
SetEnvironmentVariableA
DuplicateHandle
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreatePipe
GetStartupInfoA
CreateProcessA
ReadFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
HeapAlloc
HeapFree
CopyFileA
GetTickCount
Sleep
SetLastError
GetTimeZoneInformation
LocalAlloc
LocalFree
CloseHandle
GetLastError
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
DeleteFileA
InterlockedExchange
GetFileInformationByHandle
PeekNamedPipe

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetFocus
GetSysColor
MapWindowPoints
LoadIconA
SetWindowTextA
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
SetCursor
GetClassNameA
PtInRect
ClientToScreen
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetTopWindow
GetParent
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
CharUpperA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SendMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
LoadStringA
PostMessageA
PostQuitMessage
CharToOemA
EnableWindow
wsprintfA
MessageBoxA
GetWindowRect

gdi32

GetStockObject
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutA
TextOutA
DeleteObject
DeleteDC
SaveDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
RestoreDC
GetDeviceCaps
PtVisible
RectVisible
SelectObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

GetSidSubAuthorityCount
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegSetValueExA
LookupAccountSidA
LookupAccountNameA
GetSidIdentifierAuthority
GetSidSubAuthority
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

comctl32

ord17

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b5bbd648f93aa876a82423b0f0344c1

Headers

File Characteristics

Imports

mpr

ws2_32

rhv

netapi32

libmysql

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Sections

.text Size: 244KB - Virtual size: 243KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 48KB - Virtual size: 1.1MB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 244KB - Virtual size: 243KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 48KB - Virtual size: 1.1MB

.rsrc
Size: 4KB - Virtual size: 1KB